Modular inversion that is protected against espionage

ABSTRACT

In methods for determining, in a way that is protected against spying, the modular inverse b of a value a in relation to a module n for a cryptographic application, an auxiliary value β and an auxiliary module δ are determined at least depending on the value a, the module n and at least one masking parameter r, an auxiliary inverse β′ is determined as the modular inverse of the auxiliary value β in relation to the auxiliary module δ, and the modular inverse b is determined at least depending on the auxiliary inverse β′, the at least one masking parameter r, and the auxiliary value β and/or the auxiliary module δ. A computer program product and a portable data carrier have corresponding features. The invention provides a method for modular inversion, secured against spying, which is suitable for applications where security is critical, such as, e.g. cryptographic calculations on a portable data carrier.

The invention relates in general to the technical domain of cryptography and more particularly to a technique for modular inversion provided for cryptographic purposes. The invention is provided in particular for use in portable data carriers, which can be configured e.g. as smart cards in various constructional forms or as chip modules.

In the domain of cryptography methods for modular inversion are employed, for example, in generating a pair of keys for the RSA encoding or signature method described in U.S. Pat. No. 4,405,829. The RSA method uses a public key (e, m) and a secret private key d, wherein the value m is the product of two large prime numbers p and q. To calculate the key pair, firstly the values p, q and e are established. The private key d is then calculated as the modular inverse of e in relation to the module (p-1)(q-1). This means that the number d fulfils the equation 1=ed mod (p-1)(q-1). In the calculation the private key d and the module (p-1)(q-1) must remain secret.

In general for two given whole numbers a and n the modular inverse of a in relation to the module n is defined as the number b to which 0≦b<n and 1=ab mod n applies. A number b of this kind exists if a and n are relatively prime. Algorithms for calculating the modular inverse of a given value a in relation to a given module n are known per se. For example, the extended Euclidean algorithm is described on pages 325 to 327 of the book by Donald E. Knuth, “The Art of Computer Programming”, Vol. 2, second edition, Addison-Wesley, 1981. A modification of the extended Euclidean algorithm particularly advantageous in connection with binary numbers is Stein's method, described on pages 321 to 324 of said book in connection with exercise 35 on page 339 and the solution to it on page 606.

In the two methods mentioned there is the problem, however, that in direct implementation of the algorithm as a program the processed program code and therefore also physical parameters such as running time or power consumption depend to a large extent on the input data. Therefore, by analysis of the power consumption curve, the program running time or other measured values conclusions can be drawn as to the input values a and n. Examples of these and other opportunities for attack in connection with portable data carriers are described in section 8.2.4.1 (pages 482 to 499) of the book “Handbuch der Chipkarten” by W. Rankl and W. Effing, third edition, Hanser, 1999. Presumably corresponding opportunities for attack are also possible in other methods for modular inversion than those described above as examples.

If at least one of the input values a or n has to be kept secret, opportunities for attack like those mentioned above pose a security risk. For instance, in the already described example of generating key pairs for the RSA method there is a danger that during calculation of the modular inversion of e in relation to the module (p-1)(q-1) an attacker will spy out either the module (p-1)(q-1) to be kept secret or directly the result of the calculation, namely the private key d.

Said security problems are particularly critical if the method for modular inversion is executed by a processor of a portable data carrier, a smart card, for example, or a chip module. A first reason for this is that portable data carriers of this kind are often used for applications where security is critical, e.g. in connection with financial transactions, access control or the signature of legally binding documents. Secondly, portable data carriers are typically in the possession of the attacker while the method is being executed, so the attacker has all the access and analysis opportunities for spying out the values to be kept secret.

The object of the invention is therefore to provide a method for modular inversion which is secured against spying and is suitable for applications where security is critical, such as, e.g. cryptographic calculations on a portable data carrier. In particular, the method should have as low a susceptibility to attacks by running time analysis or power consumption analysis as possible.

According to the invention this object is completely or partially achieved by a method with the features of claim 1, a computer program product according to claim 12 and a portable data carrier according to claim 13. The dependent claims define preferred configurations of the invention.

The invention starts from the basic idea of not feeding the input data (namely the value a and the module n) directly to a method for modular inversion, but first transforming them in a suitable way into an auxiliary value β and an auxiliary module δ. Here, at least one masking parameter r influencing the transformation is chosen, e.g. randomly or quasi-randomly or in some other suitable manner, in such a way that no sufficient information on the input data to be kept secret or the part of the input data to be kept secret can be derived even with knowledge of the auxiliary value β and/or the auxiliary module δ.

From the auxiliary value β and the auxiliary module δ an auxiliary inverse β′ is then determined according to a method for modular inversion known per se. Even if this inversion method is possibly accessible to one of the initially mentioned opportunities for attack, spying out the auxiliary value β and/or the auxiliary module δ and/or the auxiliary inverse β′ is of no advantage to the attacker, because they contain the initial data at least partially in masked form, namely depending on at least one masking parameter r.

Finally, the initial transformation is effectively reversed by calculating the modular inverse b depending on the auxiliary inverse β′. The at least one masking parameter r and at least one of the values β and δ and also, where appropriate, further values also have some influence on this reverse transformation.

By means of the forward and reverse transformation provided according to the invention the values to be kept secret are therefore disguised or masked before the critical calculation section. This disguising or masking is reversed again after the calculation of the modular inverse which is at risk from spying, in order to obtain the desired result. The calculations serving for masking and unmasking are secured against the opportunities for attack to be taken into account in this case. The entire method is in this way secured against spying and also suitable for critical applications. A certain extra outlay is required for the calculations serving for masking and unmasking, though overall this is not of any particular significance.

In preferred configurations both the auxiliary value β and the auxiliary module δ are masked in the sense that they differ from the basic value a and the module n, respectively. In other embodiment forms of the invention, on the other hand, it is provided to perform the masking only in respect of one of these values. Then either the auxiliary value β is identical to the value a or the auxiliary module δ is identical to the module n. These configurations can be employed in particular if one of the values a and n does not need to be kept secret.

In preferred configurations the masking parameter r is chosen again at random for each individual execution of the method, in that, for example, a suitable random number algorithm is called. In embodiment alternatives, on the other hand, the masking parameter r may remain constant for several calculations or be stepped by a simple algorithm which does not fulfil any strict requirements with regard to random distribution. This too may be sufficient to produce adequate security against spying. The masking parameter r has preferably approximately the same order of magnitude as the module n. This may mean, e.g. that the values r and n differ in length as binary or decimal numbers at the most by 20 per cent or at the most by half.

It is preferably provided to distort the value a and/or the module n by multiplying it by the masking parameter r, wherein the auxiliary value β and/or the auxiliary module δ are calculated depending on the product.

In preferred configurations, as well as the masking parameter r, at least one other auxiliary parameter s is provided, which is likewise used for calculating the masked values β and/or δ, but which is no longer directly utilised in later determining of the modular inverse. The auxiliary parameter s does, however, have an indirect influence on this calculation, because it usually influences at least one of the values β, β′ and δ. The above-mentioned preferred characteristics of the masking parameter r also apply correspondingly to the auxiliary parameter s in preferred configurations.

The auxiliary value β and the auxiliary module δ result in each case as the difference between a multiple of the value a and a multiple of the module n. It can in particular be provided to determine the auxiliary value β and the auxiliary module δ according to the equations ra=αn+β and sn=γa+δ or according to the equations ra=αn+δ and sn=γa+β. If, in addition, the inequation 0≦β<n or 0≦δ<n or, respectively, the inequation 0≦δ<a or 0≦β<a is fulfilled, this corresponds to one calculation of a division with remainder in each case.

The computer program product according to the invention has program commands to implement the method according to the invention. A computer program product of this kind may be, for example, a semiconductor memory or a diskette or a CD-ROM on which a calculation program according to the invention is stored. A computer program product of this kind can be provided in particular for use in the production of smart cards.

In preferred configurations the computer program product and/or the portable data carrier are further developed with features corresponding to the above-described features and/or those mentioned in the dependent method claims.

Further features, advantages and objects of the invention are apparent from the following precise description of an embodiment example and several embodiment alternatives. Reference is made to the schematic drawings in which the (single) FIG. 1 shows a flow chart of the execution of the method in an embodiment example of the invention.

The method schematically illustrated in FIG. 1 is provided to be executed by a processor of a portable data carrier, in particular a smart card or a chip module. The method is for this purpose implemented in the form of program commands for this processor, stored in a ROM or EEPROM of the data carrier. In the present embodiment example the method is used in the key pair determination for an RSA encoding method or an RSA signature method. In embodiment variants of the invention, on the other hand, the method is used for other cryptographic purposes.

The method starts from a preset value a and a module n and calculates from these the modular inverse b, in other words the value 0≦b<n, to which 1=ab mod n applies. In a first step 10 the value a and the module n are transformed for this, in order to determine an auxiliary value β and an auxiliary module δ. In the present embodiment example step 10 has four partial steps 12, 14, 16, 18 which can also be executed in embodiment alternatives in a different order or completely or partially interleaved.

In the first partial step 12 a random masking parameter r is determined which has approximately the same order of magnitude as the value n. A random number generator known per se and implemented by software is employed for this. The product of the masking parameter r and the value a is divided in partial step 14 by the module n into whole numbers with remainder. The whole-number quotient α is not further required, whereas the remainder β serves as auxiliary value for the further method.

Partial steps 16 and 18 correspond to partial steps 12 and 14 just described. In partial step 16 a random auxiliary parameter s is determined and in partial step 18 the product of the auxiliary parameter s with the module n is divided by the value a. Both the whole-number quotient γ and the remainder δ are required in the following steps; the remainder δ is here also designated as auxiliary module δ.

In step 20, according to a method for modular inversion known per se, for example according to the extended Euclidean algorithm or Stein's method, an auxiliary inverse β′ of the auxiliary value β is calculated in relation to the auxiliary module δ. In other words the value β′ has the property 1=ββ′ mod δ.

It can occur that the calculation of the auxiliary inverse β′ fails, because the values β and δ are not relatively prime and therefore no inverse β′ of β exists. If this case occurs in step 20, a return 22 to the beginning of step 10 is triggered. New random values r and s are then chosen. The probability of a return of this kind taking place is approximately 40%, if a and n are relatively prime. It is therefore improbable that an excessive number of returns 22 will have to be executed. The probability of more than four new pairs of random numbers r and s having to be calculated is only approximately one per cent, for example.

If a and n are not relatively prime, the return 22 is always executed, so the method shown in FIG. 1 would not terminate. If this method were therefore to be employed in a context in which it is not certain from the start whether a and n are relatively prime, the use of a return counter is provided. The return counter monitors the number of returns 22 which occur during an execution of the method. If a preset maximum number of returns 22 is exceeded, the method of FIG. 1 is terminated. A further condition for the correct execution of the method is the exclusion of the trivial cases a=1 and n=1 (which are of no interest in practice), as in these cases the method always fails.

After determination of the auxiliary inverse β′ in step 20, in step 24 the inverse b is calculated, in that firstly a calculation of an intermediate value δ′=(ββ′−1)/δ and then the final calculation b=β′r+δ′γ mod n are performed. The value b is the inverse sought, which is now available to the cryptographic application.

Steps 10 and 24 can easily be secured against the initially described attacks by running time analysis and power consumption analysis, because algorithms are available for the calculations performed there which offer few opportunities for attack. Though the inverse calculation in step 20 is at risk from spying, by analysing this step an attacker could at the most obtain knowledge about the auxiliary value β and/or the auxiliary module δ. These values were masked in step 10 in respect of the input values a and n to be kept secret, as the random masking parameter r and the random auxiliary parameter s had some influence on the calculation of β and δ. Possible knowledge of the values β and δ therefore does not allow an attacker to draw any security-damaging conclusions as to the input values a and n.

In alternative configurations of the method of FIG. 1, in partial steps 14 and 18 the roles of the values β and δ are reversed. In this case in step 24 instead of the equation b=β′r+δ′γ mod n, the equation b=−(δ′r+β′γ) mod n is used.

In further embodiment alternatives, in partial step 14 and/or partial step 16 instead of performing a division with remainder, the values α and/or γ are chosen at random or according to some other suitable method. In this case in partial step 14 the auxiliary value β results from β=ra−αn and, respectively, in partial step 18 the auxiliary module δ results from δ=sn−γa.

Finally, configurations of the invention are also provided in which either in partial step 12 the masking parameter r=1 and in partial step 14 the value α=0 are set (β=a then applies) or in which in partial step 16 the auxiliary parameter s=1 and in partial step 18 the value γ=0 are set (δ=n then applies). Further embodiment alternatives can be obtained in particular by combining the previously described possibilities.
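The complete path of FIG. 1 (step 10 with partial steps 12, 14, 16, 18, step 20, return 22 with the return counter, step 24) together with the role-reversed variant b=−(δ′r+β′γ) mod n of the preceding paragraphs, as an added worked example in Python. This is constructed illustration code, not the patent's or any manufacturer's implementation; the names egcd, mod_inverse, masked_inverse, check, the swap flag and the rng hook are this example's own assumptions, and the plain inverse in step 20 is an ordinary extended Euclid standing in for the unprotected routine that the masking shields.

```python
import secrets


def egcd(x, y):
    """Extended Euclid: returns (g, u, v) with u*x + v*y == g == gcd(x, y)."""
    u0, u1, v0, v1 = 1, 0, 0, 1
    while y:
        q, x, y = x // y, y, x % y
        u0, u1 = u1, u0 - q * u1
        v0, v1 = v1, v0 - q * v1
    return x, u0, v0


def mod_inverse(x, m):
    """Step 20: the ordinary, unprotected inverse of x modulo m (None if it
    does not exist). This is the routine the masking is meant to shield; a
    card would run extended Euclid or Stein's method here on beta and delta."""
    if m < 1:
        return None
    g, u, _ = egcd(x % m, m)
    return u % m if g == 1 else None


def masked_inverse(a, n, swap=False, max_returns=64, rng=secrets.randbits):
    """Return b with 0 <= b < n and a*b == 1 (mod n) along the masked path:
    step 10 (partial steps 12, 14, 16, 18), step 20, return 22, step 24.
    swap=False: r*a = alpha*n + beta,  s*n = gamma*a + delta  (claims 6/8)
    swap=True:  r*a = alpha*n + delta, s*n = gamma*a + beta   (claims 10/17)
    max_returns is the return counter of the description; rng is an assumed
    hook so the card's own random number generator can be plugged in."""
    if a <= 1 or n <= 1:
        raise ValueError("trivial cases a=1 and n=1 are excluded")
    bits = n.bit_length()
    for _ in range(max_returns):
        # partial steps 12 and 16: fresh masks of roughly the size of n
        r = 1 + rng(bits)
        s = 1 + rng(bits)
        # partial steps 14 and 18: division with remainder; alpha is unused
        if not swap:
            alpha, beta = divmod(r * a, n)    # 0 <= beta < n
            gamma, delta = divmod(s * n, a)   # 0 <= delta < a
        else:
            alpha, delta = divmod(r * a, n)
            gamma, beta = divmod(s * n, a)
        # step 20: the only inversion, and it only ever sees beta and delta
        beta_inv = mod_inverse(beta, delta)
        if beta_inv is None:
            continue                          # return 22: gcd(beta, delta) != 1
        # step 24: delta' = (beta*beta' - 1)/delta is exact because
        # beta*beta' == 1 (mod delta); then unmask with r and gamma
        delta_prime, rem = divmod(beta * beta_inv - 1, delta)
        assert rem == 0
        if not swap:
            return (beta_inv * r + delta_prime * gamma) % n
        return -(delta_prime * r + beta_inv * gamma) % n
    raise ArithmeticError("return counter exhausted: a and n are probably not coprime")


def check(a, n, b):
    """True when b really is the modular inverse of a in relation to n."""
    return 0 <= b < n and (a * b) % n == 1


if __name__ == "__main__":
    # constructed RSA toy: p=61, q=53, module (p-1)(q-1)=3120, e=17 -> d=2753
    for swap in (False, True):
        d = masked_inverse(17, 3120, swap=swap)
        print(swap, d, check(17, 3120, d))
```

Because r and s are drawn afresh on every call, the operands that mod_inverse sees differ from run to run while the unmasked result is always the same private key, and a non-coprime pair such as (6, 3120) never leaves the return loop, which is exactly why the return counter is needed.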

1. A method for determining, in a way that is protected against spying, the modular inverse b of a value a in relation to a module n for a cryptographic application, comprising the steps: a) determining an auxiliary value β and an auxiliary module δ, which are relatively prime to each other, at least depending on the value a, the module n and at least one masking parameter r in such a way that at least one of the following holds: the auxiliary value β differs from the value a and the auxiliary module δ differs from the module n, b) determining an auxiliary inverse β′ as the modular inverse of the auxiliary value β in relation to the auxiliary module δ, and c) determining the modular inverse b at least depending on the following values: the auxiliary inverse β′, the at least one masking parameter r, and at least one of the auxiliary value β and the auxiliary module δ.

2. The method according to claim 1, wherein the at least one masking parameter r is randomly chosen.

3. The method according to claim 1, wherein at least one of the value a and the module n is multiplied by the masking parameter r, and wherein the thereby obtained product has some influence on the calculation of at least one of the auxiliary value β and the auxiliary module δ.

4. The method according to claim 1, wherein the determining of the auxiliary value β and the auxiliary module δ further takes place depending on at least one auxiliary parameter s, which has at the most an indirect influence on determining the inverse b.

5. The method according to claim 4, wherein the at least one auxiliary parameter s is randomly chosen.

6. The method according to claim 4, wherein the auxiliary value β and the auxiliary module δ are determined in such a way that the equations ra=αn+β and sn=γa+δ are fulfilled for predetermined values α and γ.

7. The method according to claim 6, wherein the inverse b is determined by evaluating the equation b=β′r+δ′γ mod n with δ′=(ββ′−1)/δ.

8. The method according to claim 4, wherein the auxiliary value β and the auxiliary module δ are determined in such a way that the equations ra=αn+β and sn=γa+δ are fulfilled for values α and γ calculated in connection with the determining of the auxiliary value β and the auxiliary module δ.

9. The method according to claim 8, wherein the inverse b is determined by evaluating the equation b=β′r+δ′γ mod n with δ′=(ββ′−1)/δ.

10. The method according to claim 4, wherein the auxiliary value β and the auxiliary module δ are determined in such a way that the equations ra=αn+δ and sn=γa+β are fulfilled for predetermined values α and γ.

11-13. (canceled)

14. The method according to claim 1, wherein the at least one masking parameter r has the same order of magnitude as the module n.

15. The method according to claim 4, wherein the at least one auxiliary parameter s has the same order of magnitude as the value a.

16. The method according to claim 10, wherein the inverse b is determined by evaluating the equation b=−(δ′r+β′γ) mod n with δ′=(ββ′−1)/δ.

17. The method according to claim 4, wherein the auxiliary value β and the auxiliary module δ are determined in such a way that the equations ra=αn+δ and sn=γa+β are fulfilled for values α and γ calculated in connection with the determining of the auxiliary value β and the auxiliary module δ.

18. The method according to claim 17, wherein the inverse b is determined by evaluating the equation b=−(δ′r+β′γ) mod n with δ′=(ββ′−1)/δ.

19. The method according to claim 4, wherein at least one of the auxiliary value β and the auxiliary module δ is determined by a division with remainder in each case, so that at least one of the inequations 0≦β<n and 0≦δ<a is fulfilled.

20. The method according to claim 1, wherein the cryptographic application is a key pair determination in one of an RSA encoding method and an RSA signature method.

21. A computer program product which has program commands to cause a processor to determine, in a way that is protected against spying, the modular inverse b of a value a in relation to a module n for a cryptographic application, comprising: a) determining an auxiliary value β and an auxiliary module δ, which are relatively prime to each other, at least depending on the value a, the module n and at least one masking parameter r in such a way that at least one of the following properties holds: the auxiliary value β differs from the value a, and the auxiliary module δ differs from the module n, b) determining an auxiliary inverse β′ as the modular inverse of the auxiliary value β in relation to the auxiliary module δ, and c) determining the modular inverse b at least depending on the following values: the auxiliary inverse β′, the at least one masking parameter r, and at least one of the auxiliary value β and the auxiliary module δ.

22. The computer program product according to claim 21, wherein the at least one masking parameter r is randomly chosen.

23. The computer program product according to claim 21, wherein the at least one masking parameter r has the same order of magnitude as the module n.

24. The computer program product according to claim 21, wherein at least one of the value a and the module n is multiplied by the masking parameter r, and wherein the thereby obtained product has some influence on the calculation of at least one of the auxiliary value β and the auxiliary module δ.

25. The computer program product according to claim 21, wherein the determining of the auxiliary value β and the auxiliary module δ further takes place depending on at least one auxiliary parameter s, which has at the most an indirect influence on determining the inverse b.

26. The computer program product according to claim 25, wherein the at least one auxiliary parameter s is randomly chosen.

27. The computer program product according to claim 25, wherein the at least one auxiliary parameter s has the same order of magnitude as the value a.

28. The computer program product according to claim 25, wherein at least one of the auxiliary value β and the auxiliary module δ is determined by a division with remainder in each case, so that at least one of the inequations 0≦β<n and 0≦δ<a is fulfilled.

29. The computer program product according to claim 21, wherein the cryptographic application is a key pair determination in one of an RSA encoding method and an RSA signature method.

30. A portable data carrier which is equipped for determining, in a way that is protected against spying, the modular inverse b of a value a in relation to a module n for a cryptographic application, comprising: a) determining an auxiliary value β and an auxiliary module δ, which are relatively prime to each other, at least depending on the value a, the module n and at least one masking parameter r in such a way that at least one of the following properties holds: the auxiliary value β differs from the value a, and the auxiliary module δ differs from the module n, b) determining an auxiliary inverse β′ as the modular inverse of the auxiliary value β in relation to the auxiliary module δ, and c) determining the modular inverse b at least depending on the following values: the auxiliary inverse β′, the at least one masking parameter r, and at least one of the auxiliary value β and the auxiliary module δ.

31. The portable data carrier according to claim 30, wherein the portable data carrier is one of a smart card and a chip module.

32. The portable data carrier according to claim 30, wherein the at least one masking parameter r is randomly chosen.

33. The portable data carrier according to claim 30, wherein the cryptographic application is a key pair determination in one of an RSA encoding method and an RSA signature method.